Skip to content

Releases: emtunc/SlackPirate

Interactive Mode!

16 Aug 20:57
9788be6
Compare
Choose a tag to compare

Huge thanks to @Robtova for implementing interactive mode.

You can now run SlackPirate in interactive mode by using the --interactive flag. The tool will run you through the process of copy/pasting the Slack Cookie/Token, choosing a Workspace (or multiple!) and lastly, choosing scan options.

Regex Update

03 Aug 20:06
Compare
Choose a tag to compare

"This regex usually breaks when Slack updates their website - I think I've made it robust enough to withstand future website updates :)"

Unfortunately, my regex skills weren't/aren't leet enough - the response pages now include a funky mix of back slashes and forward slashes.

I updated the regex to simply look for <anything>.slack.com. Previously it was looking for https://<anything>.slack.com. It broke because the response now looks like https:\\/\\/<anything>.slack.com

Regex Update

22 May 11:44
Compare
Choose a tag to compare

Updated the regex which discovers the Workspaces that a cookie has access to. This regex usually breaks when Slack updates their website - I think I've made it robust enough to withstand future website updates :)

Verbose flag now available

01 Apr 10:06
814a7a2
Compare
Choose a tag to compare

Big thanks to @milangfx and his hard work for this release 👍

  • Support for --verbose flag which will output .csv files with far more information such as the channel the item was found in, who posted it and my favourite, a perma-link to the message in Slack.

Full list of headers recorded:

'timestamp', 'link', 'channel_id', 'channel_name', 'user_id', 'user_name', 'regex_results'

Better cookie handling and improved credential regex

27 Mar 10:37
629a2f2
Compare
Choose a tag to compare
  • Take two. Fix cookie handling (encoding/decoding) for real this time.
  • Improved credential harvesting regex. More work to be done here but it's a start.

Handle Cookie URL Encoding

03 Nov 19:41
3349701
Compare
Choose a tag to compare
  • Cookies that were not URL encoded would fail to retrieve Workspaces and tokens. We now handle this by encoding any cookies that aren't encoded. Thanks @milangfx :)

Fix for downloads and token retrieval

30 Oct 22:21
079cc07
Compare
Choose a tag to compare

PR: #42

  • Fix an issue with downloads crashing out in certain scenarios - thanks @westonlit
  • Fix an issue retrieving Workspace tokens using the --cookie flag which was caused by a front end change by Slack

Latest User-Agent headers are now pulled dynamically from an API

29 Jan 13:19
0c15149
Compare
Choose a tag to compare
  • The tool now grabs the latest browser (chrome/firefox) and operating system (windows/osx) from the https://user-agent.io API.

This makes it more difficult to detect the tool in the logs as requests will appear to come from a 'modern and up to date browser'.

Asynchronous File downloads and Optimisations

17 Jan 22:41
b87dd16
Compare
Choose a tag to compare
  • Files are now downloaded asynchronously
  • File download operation now displays useful information such as current file(s) being downloaded
  • Fixed problem where certain file-types would not download properly. This was due to older User-Agent header strings - the list has now been updated with more up-to-date UA strings

More useful messages printed when using --cookie

16 Jan 00:08
acb1f0b
Compare
Choose a tag to compare
  • Running SlackPirate.py with the --cookie flag will now print whether a token is an admin token or not alongside each Workspace returned.

i.e., if a cookie returns 10 Workspaces, it will be immediately obvious which ones are privileged tokens and which ones aren't.